Registration bypass using OAuth logical bug
https://hackerone.com/reports/64946
null
paramdham
$40
X-Frame-Options
https://hackerone.com/reports/237071
null
dark_heaven
null
Clickjacking
https://hackerone.com/reports/21110
null
techintheprovince
$50
Clickjacking in the admin page
https://hackerone.com/reports/728004
null
ant_pyne
null
https://admin.corp.cuvva.co/ is vulnerable to Clickjacking attacks due to missing X-Frame-Options
https://hackerone.com/reports/231434
null
shepard
null
Clickjacking in Legalrobot app
https://hackerone.com/reports/270454
null
9it0wl
null
Clickjacking irclogs.wordpress.org
https://hackerone.com/reports/267075
null
sameull
null
User can be fooled to Bookmark any restaurant by clickjacking
https://hackerone.com/reports/228295
null
na5ne3t
null
RTLO char allowed in chat
https://hackerone.com/reports/196222
null
kontez
$250
URL is vulnerable to clickjacking
https://hackerone.com/reports/337219
null
hacker_one_one
null
aspen | clickjacking
https://hackerone.com/reports/272387
null
vilen07
null
UI Redressing on Embedded Charts
https://hackerone.com/reports/244697
null
mr_r3boot
null
Bypass CSP frame-ancestors at olx.co.za, olx.com.gh
https://hackerone.com/reports/371980
null
b9b86c2fc8409c628fb3de6
null
Clickjacking on donation page
https://hackerone.com/reports/921709
null
b0d8e6c576cada9bb87be7b
$50
Clickjacking
https://hackerone.com/reports/200419
6.1
b1b62e8d81ce1e3993ad913
null
frame injection on bittorrent.com
https://hackerone.com/reports/846430
null
aslanemre
null
clickjacking to Semrush auth login
https://hackerone.com/reports/318295
null
karrrtik
null
Clickjacking : https://partners.cloudflare.com/
https://hackerone.com/reports/106362
null
xsserboiii
null
Certificate warnings and similar UI elements in Web protection of Anti-Virus products family are susceptible to clickjacking
https://hackerone.com/reports/463695
null
palant
null
UI Redressing ( ClickJacking ) Issue on Information submit form
https://hackerone.com/reports/163753
null
khizer47
null
Clickjacking on https://download.nextcloud.com
https://hackerone.com/reports/658011
null
bibek1
null
Crafted frame injection leading to form-based UI redressing.
https://hackerone.com/reports/291683
null
edoverflow
$100
URL is vulnerable to clickjacking https://app.passit.io/
https://hackerone.com/reports/530008
null
whitehacker18
null
Clickjacking on cas.acronis.com login page
https://hackerone.com/reports/971234
null
dgirlwhohacks
null
Cross-site Scripting (XSS) - Stored in RDoc wiki pages
https://hackerone.com/reports/662287
null
vakzz
$3,500
ClickJacking in editing business name
https://hackerone.com/reports/227837
null
mohammad_obaid
null
clickjacking at http://mailboxes.legalrobot-uat.com/
https://hackerone.com/reports/165542
null
amir0ezat
null
UI Redressing (Clickjacking) vulnerability
https://hackerone.com/reports/776932
null
p1k4chu0
null
Clickjacking on https://www.goodhire.com/api
https://hackerone.com/reports/298028
null
tolo7010
null
Click jacking in delete image of user in Yelp
https://hackerone.com/reports/201848
null
mohamedsherif
null
Bypassing X-frame options
https://hackerone.com/reports/283951
null
haxorgirl
null
Frameset(Frame) html tag is allowed in html editor.(can lead to clickjacking)
https://hackerone.com/reports/285609
null
na5ne3t
null
Twitter Periscope Clickjacking Vulnerability
https://hackerone.com/reports/591432
null
eo420
$1,120
nginx server vulnerable
https://hackerone.com/reports/137230
null
thalaivarsubu
null
Clickjacking in [exchangemarketplace.com]
https://hackerone.com/reports/658217
null
eissen5c
null
ClickJacking
https://hackerone.com/reports/179839
null
jessepinkman
null
ClickJacking
https://hackerone.com/reports/183127
null
blablaa
null
Attack User Privacy Settings - X-Frame-Options missing on m.imgur.com/user/username/settings
https://hackerone.com/reports/103178
null
kasser
null
Clickjacking wordcamp.org
https://hackerone.com/reports/230581
null
hasanexpert
null
Nextcloud Clickjacking Vulnerability
https://hackerone.com/reports/710996
null
try_4_hack
null
Clickjacking Full account takeover and editing the personal information at [account.my.com]
https://hackerone.com/reports/261652
null
t-pwn
null
Clickjacking
https://hackerone.com/reports/8724
null
ma120320
$150
Clickjacking login page of http://book.zomato.com/
https://hackerone.com/reports/146948
null
benoculars
null
Missing security headers, possible clickjacking
https://hackerone.com/reports/64645
null
paramdham
$20
Clickjacking In https://demo.nextcloud.com
https://hackerone.com/reports/222762
null
xsszeeshan
null
Clickjacking on my.stripo.email for MailChimp credentials
https://hackerone.com/reports/737625
null
jasongardner
null
[api.tumblr.com] Exploiting clickjacking vulnerability to trigger self DOM-based XSS
https://hackerone.com/reports/953579
null
fuzzme
$150
Settings page in https://support.my.com is vulnerable to clickjacking
https://hackerone.com/reports/667400
0
obayda
null
Single Sing On - Clickjacking
https://hackerone.com/reports/299009
null
r0p3
$150
Possible clickjacking at shop.khanacademy.org
https://hackerone.com/reports/6370
null
internetwache
null
Account takeover vulnerability by editor role privileged users/attackers via clickjacking
https://hackerone.com/reports/388254
null
rewanth_cool
null
Clickjacking at https://staging.uzbey.com/
https://hackerone.com/reports/17315
null
vineet
null
Clickjacking on Mixmax.com
https://hackerone.com/reports/234713
null
mrr3boot
null
Clickjacking: X-Frame-Options header missing
https://hackerone.com/reports/129650
null
white_hat_0003
null
RTLO character allowed in shared files
https://hackerone.com/reports/229170
null
inhibitor181
null
ClickJacking on Debug
https://hackerone.com/reports/225555
null
bf7e43565d8cf54de3bc5a7
null
Clickjacking Vulnerability via https://webagent.mail.ru leading to protection bypass for https://web.icq.com/ end point
https://hackerone.com/reports/918923
3.8
jayesh25
$150
Improper markup sanitization.
https://hackerone.com/reports/289823
null
edoverflow
$150
Clickjacking: X-Frame-Options header missing
https://hackerone.com/reports/163646
null
vilen07
null
https://hackerone.com/reports/12035
null
rickgeex
null
Clickjacking in ops.cuvva.com
https://hackerone.com/reports/583624
null
ph0b0s
null
Clickjacking Vulnerability on https://support.my.com/games/ticket/xxxx/
https://hackerone.com/reports/357954
null
nullsaint
null
Gitlab.com is vulnerable to reverse tabnabbing via AsciiDoc links. (#3)
https://hackerone.com/reports/213114
5.4
edoverflow
null
Vulnerable to clickjacking
https://hackerone.com/reports/123782
null
trabajoduro
null
Make user buy items via clickjacking possibility
https://hackerone.com/reports/471967
3.8
humanoidphantom
$200
Click jacking
https://hackerone.com/reports/13550
null
dushyantsahu1
null
Found clickjacking vulnerability
https://hackerone.com/reports/119828
null
9-d
null
clickjacking
https://hackerone.com/reports/1207
null
adrianbelen
null
Clickjacking on https://download.nextcloud.com/
https://hackerone.com/reports/662155
null
j4tayu
null
Sensitive Clickjacking on admin login page.
https://hackerone.com/reports/389145
null
shakhawatpr99
$100
Modifying application settings via clickjacking on o2.mail.ru
https://hackerone.com/reports/355774
3.8
zishanadthandar
$150
clickjacking on leaving group(flick)
https://hackerone.com/reports/7745
null
adrianbelen
null
RTLO character in file names
https://hackerone.com/reports/210354
null
inhibitor181
$250
URL is vulnerable to clickjacking
https://hackerone.com/reports/712376
null
whitehacker18
null
Clickjacking mercantile.wordpress.org
https://hackerone.com/reports/264125
null
villagelad
null
clickjacking on https://gratipay.com/on/npm/[text]
https://hackerone.com/reports/267189
null
nihaddl
null
Following a User After Favoriting Actually Follows Another User (related to #95243)
https://hackerone.com/reports/97510
null
ericr
$280
Missing X-Frame-Options header
https://hackerone.com/reports/49888
null
abdul_r3hman
null
Improper markup sanitisation in Simplenote Android application.
https://hackerone.com/reports/297547
null
edoverflow
$300
Stealing User emails by clickjacking cards.twitter.com/xxx/xxx
https://hackerone.com/reports/154963
null
akhil-reni
$1,120
Highly wormable clickjacking in player card
https://hackerone.com/reports/85624
null
filedescriptor
$5,040
Clickjacking vkpay
https://hackerone.com/reports/374817
4.3
0x3c3e
null
Clickjacking at surveylink.yahoo.com
https://hackerone.com/reports/3578
null
internetwache
null
Clickjacking Periscope.tv on Chrome
https://hackerone.com/reports/198622
null
mishre
$560
Clickjacking: X-Frame-Options header missing
https://hackerone.com/reports/27594
null
bigbear
null
Bypassing the Trusted Link Alert System
https://hackerone.com/reports/384569
5.7
pipe-to-grep
$150
CJ vulnerability in subdomain
https://hackerone.com/reports/140392
null
0x0ameer
$50
Clicjacking on Login panel
https://hackerone.com/reports/8459
null
chandrakant
null
Clickjacking: X-Frame Header Missing
https://hackerone.com/reports/168358
null
vaxo
null
ClickJacking on IMPORTANT Functions of Yelp
https://hackerone.com/reports/305128
3.5
hk755a
$500
Clickjacking: Delete Account, Change privacy settings, Rate business, follow/unfollow (IE)
https://hackerone.com/reports/338569
null
foobar7
null
AWS S3 website can't serve security headers, may allow clickjacking
https://hackerone.com/reports/149572
null
null00null00
$40
Prepopulation of email address and name leaks information provided to other merchants
https://hackerone.com/reports/316290
null
cablej
$250
Clickjacking at ylands.com
https://hackerone.com/reports/405342
null
kryptomon
$80
ClickJacking
https://hackerone.com/reports/7862
null
daksh
null
Clickjacking at https://www.mavenlink.com/ main website
https://hackerone.com/reports/14631
null
vineet
$50
Click Jacking
https://hackerone.com/reports/163888
null
muhaddix
null
Open URL Redirection
https://hackerone.com/reports/4521
null
mafia
null
Click Jacking Nextcloud
https://hackerone.com/reports/347782
null
enz0
null
Gitlab.com is vulnerable to reverse tabnabbing. (#2)
https://hackerone.com/reports/212629
5.4
edoverflow
null
Site-wide clickjacking at IE11
https://hackerone.com/reports/614947
null
skavans
$500
Viral Direct Message Clickjacking via link truncation leading to capture of both Google credentials & installation of malicious 3rd party Twitter App
https://hackerone.com/reports/643274
null
slickrockweb
$1,120
Clickjacking on https://nextcloud.com/
https://hackerone.com/reports/661768
null
j4tayu
null
Ошибка фильтрации
https://hackerone.com/reports/34686
null
cyberunit
$500
Clickjacking @ Main Domain[www.yelp.com]
https://hackerone.com/reports/197115
null
h4ck3r0ne
null
Clickjacking vulnerability in support-dashboard.corp.cuvva.co
https://hackerone.com/reports/231694
null
d0rkerdevil
null
Bypass of the Clickjacking protection on Flickr using data URL in iframes
https://hackerone.com/reports/7264
null
joserabal
$250
Modify account details by exploiting clickjacking vulnerability on refer.wordpress.com
https://hackerone.com/reports/765355
null
theamanrawat
$75
Sandboxed iframes don't show confirmation screen
https://hackerone.com/reports/54733
null
homakov
$1,000
Delete images of users with clickjacking in https://pw.mail.ru
https://hackerone.com/reports/675614
3.1
chajer
null
Clickjacking - https://mercantile.wordpress.org/
https://hackerone.com/reports/258283
null
giantfire
null
ClickJacking on http://au.launch.yahoo.com
https://hackerone.com/reports/1229
null
p1k4chu
null
Clickjacking on authorized page https://wakatime.com/share/embed
https://hackerone.com/reports/244967
null
silv3rpoision
null
Clickjacking - changing role
https://hackerone.com/reports/7924
null
smiegles
null
Following links are vulnerable to clickjacking
https://hackerone.com/reports/289246
null
karma1
$150
Clickjacking
https://hackerone.com/reports/832593
null
hackerboy404
null
Clickjacking In jobs.wordpress.net
https://hackerone.com/reports/223024
null
5ecurity5roker
null